Reset Your Password

Page Purpose: Set new password after reset request.
User Context: User clicked reset link from email.
Next Steps: After reset → Login Page

Client-side validation:

• New Password: Required, minimum 6 characters
• Confirm Password: Must match new password
• Password strength indicator (weak/medium/strong)

Server-side validation:

• Token is valid and not expired
• Token has not been used
• Email matches token
• Password meets strength requirements
• Password is different from current password

Error messages:

• "Password reset link is invalid or has expired"
• "Password must be at least 6 characters"
• "Passwords do not match"
• "New password cannot be the same as your old password"

1. Validate reset token
2. Update user's password hash
3. Mark token as used
4. Invalidate all existing sessions
5. Send confirmation email
6. Redirect to login with success message

AspNetUsers Table Fields Updated:

• PasswordHash (updated with new hash)
• SecurityStamp (regenerated)

Password Reset Token Validation:

• Token must match database record
• ExpirationDate must be in the future
• IsUsed must be false
• Email must match user record

• Token Validation: Cryptographic token verification
• Time-Limited: 24-hour expiration
• Single Use: Token can only be used once
• Session Invalidation: Logs out all existing sessions
• Confirmation Email: Notifies user of password change
• Audit Trail: Logs password reset activity

Subject: Your Password Has Been Reset

Body:
"Hello [FirstName],

Your password for Remarx has been successfully reset.

If you did not make this change, please contact support immediately at support@remarx.com.

For security, you may need to log in again on all your devices.

- Remarx Team"